nDSG

The revised Swiss Federal Act on Data Protection (nDSG) has been in force since 1 September 2023. It largely brings Swiss law in line with the GDPR and applies to every campsite operator that processes personal data — which is essentially every operator. CampOne is built nDSG-compliant from the ground up; this page describes how to meet each obligation in day-to-day operations.

Data processing agreement

CampOne processes your data as a processor. The data processing agreement (DPA) is part of the CampOne contract and covers:

purpose and scope of processing
hosting in Switzerland (Swiss Hosted)
sub-processors (list under Settings → Compliance → DPA)
technical and organisational measures (TOM)
data return and deletion at contract end

An up-to-date DPA is always available in your CampOne settings. Material changes are announced 60 days in advance.

Data subject rights

Towards you — the controller — guests have the following rights:

Right	What you must do
Access	Provide an overview of stored data within 30 days
Rectification	Correct or complete incorrect data
Erasure	Delete data unless retention applies
Portability	Export data in machine-readable format
Objection	Stop certain processing (e.g. marketing)

Under Compliance → Subject requests you create one request per guest. The system gathers all relevant data from bookings, invoices, audit trail, and guest portal activity, and produces a complete report.

Retention

Personal data is kept no longer than necessary:

Data type	Period	Basis
Booking master data	10 years	OR (commercial code)
Invoices	10 years	VAT law
ID scans	12 months	proportionality
Marketing consent	until revoked	nDSG
Guest portal login	24 months inactive	security
Police registration data	5 years	cantonal

Deletion runs automatically. Status per data type is visible in the compliance overview.

Processing register

The nDSG requires every controller to maintain a processing register (Art. 12 nDSG). CampOne provides a template pre-filled for the standard features:

purpose of processing
categories of data processed
recipients of data (TWINT, bank, HESTA, …)
retention
data security measures

The template is available as a PDF under Compliance → Processing register. You can extend it directly (e.g. when you add an external marketing system).

Technical and organisational measures

Among others, CampOne implements:

Encryption in transit (TLS 1.3) and at rest (AES-256)
Access control with roles, 2FA for administrators, login logs
Tenant isolation through strict multi-tenancy
Backups daily, geo-redundant in Switzerland, 30-day retention
Penetration tests at least annually by an external specialist
Incident response with defined escalation and 72-hour notification

A detailed list is part of the DPA.

Data breach

If a data breach occurs at your end or at CampOne (e.g. a reception tablet lost without screen lock):

CampOne notifies you within 24 hours of any incident affecting your tenant.
You report the incident — if relevant — within 72 hours to the Federal Data Protection and Information Commissioner (FDPIC).
If there is a high risk to data subjects, you must inform them as well.

A template for the FDPIC notification lives under Compliance → Incident notification.

Privacy notice

You must inform guests about your data processing — typically through a privacy notice on your website. CampOne provides a boilerplate block you can include in your notice — it describes the data flows to CampOne and its sub-processors.

Tips

Update the privacy notice. When you enable the guest portal or channel manager, extend your privacy notice — the additional data flows are notice-relevant.
Take requests seriously. A subject access request must be answered within 30 days — even in high season.
Review the processing register annually. Block out an end-of-season slot to review and extend the template.